美国信息系统审计机制研究

信息安全研究 ›› 2017, Vol. 3 ›› Issue (12): 1108-1114.

• 信息安全法律法规专题 • 上一篇下一篇

美国信息系统审计机制研究

孙彦,刘贤刚,蔡磊

中国电子技术标准化研究院

收稿日期:2017-12-15 出版日期:2017-12-15 发布日期:2017-12-15
通讯作者: 孙彦

A Research on U.S. Information System Audit

Received:2017-12-15 Online:2017-12-15 Published:2017-12-15

摘要/Abstract

摘要： 《网络安全法》对网络运营者等主体提出了落实网络安全责任，履行网络安全保护义务的要求。信息系统审计作为督促网络安全责任落实的有力手段，能够促进信息系统安全性、可靠性和有效性的改善。目前，我国在信息系统审计领域尚处于起步阶段，各项制度有待完善，应充分了解和学习其他国家的成熟经验。自上世纪60年代末起，美国已经在信息系统审计领域进行探索实践。经过近半个世纪的发展，美国建立了一套较为完善的信息系统审计机制。研究学习美国信息系统审计在组织机构、审计原则、审计流程、审计模式、审计内容、审计成果等方面的做法和经验，对提升我国网络安全防护能力，探索开展适应我国国情的信息系统审计工作具有重要积极的意义。

关键词: 信息系统审计, 网络安全责任, 审计标准, 一般控制, 应用控制

Abstract: Cybersecurity law raises requirements on network operators to fulfill the cybersecurity responsibility and carry out cybersecurity protection duties. Information system audit, which is a powerful method to supervise the fulfillment of cybersecurity responsibility, can improve the security, reliability and effectiveness of information systems. Information system audit in our country is still in the early stage and corresponding regulations are under development. Considering the current state of information system audit in our country, learning from the successful experience of other countries could be necessary and helpful. Starting from 60s of last century, U.S. has begun its explorations in information system audit area. After the development of almost fifty years, U.S. have already built a well-established mechanism. Learning from the advanced experience of U.S., including organizations, principles, processes, patterns, contents and results of information system audit, will lead to the promotion of information system audit in our country and improvement in cybersecurity protection.

Key words: Information System Audit, Cybersecurity Responsibility, Audit Standardization, General Control, Application Control

孙彦刘贤刚蔡磊. 美国信息系统审计机制研究[J]. 信息安全研究, 2017, 3(12): 1108-1114.

参考文献

1. 吴桂英. 信息系统审计理论与实务[M]. 清华大学出版社, 2012. 2. 刘文. 信息安全审计问题与应用创新策略研究[J]. 信息安全研究, 2017, 3(10): 946-953. 3. 曹洪泽, 唐志豪. 信息系统审计准则国际经验与启示[J]. 财会通讯, 2013(31):114-116. 4. 石爱中. 信息系统审计实务: 中国计算机审计实务报告. 2012[M]. 中国时代经济出版社, 2012. 5. 石爱中. 国家审计信息化与国家治理[M]. 中国时代经济出版社, 2012. 6. 唐志豪, 冯占国, 宋明霞. 信息系统审计的业务模型构建[J]. 财会月刊, 2010(16):41-43. 7. 陈耿. 网络环境下信息系统审计的职能与类型[J]. 南京审计学院学报, 2012(1):45-50. 8. 张文秀, 齐兴利, 黄溶冰. 基于COBIT的信息系统审计框架研究[J]. 南京审计学院学报, 2010, 07(4):29-34. 9. GAO. GAO Workforce [OL]. [2017-11-10] http://www.gao.gov/about/workforce/teams.html 10. The United States Congress. FISMA [OL]. (2002-12-17) [2017-11-10]. https://csrc.nist.gov/topics/laws-and-regulations/laws/fisma 11. GAO. GOVERNMENT AUDITING STANDARDS: 2011 Revision [OL]. (2011-12-01) [2017-11-10]. http://www.gao.gov/products/GAO-12-331G 12. GAO. Federal Information System Controls Audit Manual (FISCAM) [OL]. (2009-02-02) [2017-11-10]. http://www.gao.gov/products/GAO-09-232G 13. Blank R M, Gallagher P D, Joint Task Force Transformation Initiative Interagency Working Group. NIST Special Publication 800-53, Security and Privacy Controls for Federal Information Systems and Organizations, Revision 4[J]. Washington, DC: National Institute of Standards and Technology (NIST), 2013. 14. GAO. Identity Theft: Additional Actions Could Help IRS Combat the Large, Evolving Threat of Refund Fraud [OL]. (2014-09-22) [2017-11-10]. http://www.gao.gov/products/GAO-14-633 15. GAO. Technology Assessment: Internet of Things: Status and Implications of an Increasingly Connected World [OL]. (2017-05-15) [2017-11-10]. https://www.gao.gov/products/GAO-17-75 16. GAO. Determining Performance and Accountability Challenges and High Risks [OL]. (2000-11-01) [2017-11-10]. http://www.gao.gov/products/GAO-01-159SP 17. GAO. CYBERSECURITY: DHS's National Integration Center Generally Performs Required Functions but Needs to Evaluate Its Activities More Completely [OL]. (2017-02-01) [2017-11-10]. http://www.gao.gov/products/GAO-17-163 18. GAO. ELECTRONIC HEALTH INFORMATION: HHS Needs to Strengthen Security and Privacy Guidance and Oversight [OL]. (2017-09-26) [2017-11-10]. http://www.gao.gov/products/GAO-16-771 19. GAO. VEHICLE CYBERSECURITY: DOT and Industry Have Efforts Under Way, but DOT Needs to Define Its Role in Responding to a Real-world Attack [OL]. (2016-04-25) [2017-11-10].http://www.gao.gov/products/GAO-16-350 20. GAO. CYBERSECURITY: Actions Needed to Strengthen U.S. Capabilities [OL]. (2017-02-14) [2017-11-10]. http://www.gao.gov/products/GAO-17-440T

美国信息系统审计机制研究

A Research on U.S. Information System Audit

PDF

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 1

编辑推荐

Metrics